When attempting to revoke an encrypted stateless OAuth2 access token, the server returns a 500 error, and the access token is not blacklisted. This does not affect tokens which are only signed.
Run the StatelessTokenRevocationEndpoint tests. There are failures which occur only in the encrypted case (not the signed case).
The tests should pass, and access tokens should be able to be revoked.
The tests fail with a 500 error from AM.
org.forgerock.openam.oauth2.token.stateless.StatelessTokenStore#deleteAccessToken assumes that the JWT is receives is a SignedJwt. In the encrypted case it receives an EncryptedJwt, which then fails with a ClassCastException.